Bug 231252

Summary: Speculative fix for a null pointer dereference in ByteCodeParser::handlePutByVal.
Product: WebKit
Reporter: Mark Lam <mark.lam>
Component: JavaScriptCore
Assignee: Mark Lam <mark.lam>
Status: RESOLVED FIXED
Severity: Normal
CC: ews-watchlist, keith_miller, msaboff, saam, tzagallo, webkit-bug-importer, ysuzuki
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Mark Lam
Reported 2021-10-05 14:06:20 PDT
We're seeing a null pointer dereference in ByteCodeParser::handlePutByVal(). Adding a null check here as a speculative fix to mitigate crashes while we investigate further. rdar://83310320
Attachments
proposed patch. (1.90 KB, patch)
2021-10-05 14:14 PDT, Mark Lam
ysuzuki: review+
[fast-cq] patch for landing. (2.80 KB, patch)
2021-10-05 14:35 PDT, Mark Lam
no flags
Mark Lam
Comment 1 2021-10-05 14:14:45 PDT
Created attachment 440265 [details] proposed patch.
Yusuke Suzuki
Comment 2 2021-10-05 14:20:57 PDT
Comment on attachment 440265 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=440265&action=review r=me > Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:8881 > + auto* impl = string->tryGetValueImpl(); > + ASSERT(impl); // FIXME: rdar://83902782 > + if (impl && impl->isAtom() && !parseIndex(*const_cast<StringImpl*>(impl))) { Similar thing exists on op_put_private_name. Please change all of these things in DFG::ByteCodeParser.
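Review bot: in the quoted DFGByteCodeParser.cpp lines, `ASSERT(impl)` immediately before `if (impl && ...)` gives debug and release builds different behaviour for the same input: a debug build stops at the assertion, while a release build quietly skips the `isAtom()` / `parseIndex()` branch. If that split is intended while the cause is investigated, the FIXME should say so in words (that `tryGetValueImpl()` can return null here and the reason is not yet known) instead of carrying only a radar number, so the guard is revisited once the root cause is found. It is also worth confirming that the path taken when the condition is false is correct for a string whose impl is null, since that path is not shown in these lines.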
Mark Lam
Comment 3 2021-10-05 14:35:04 PDT
Created attachment 440271 [details] [fast-cq] patch for landing. Thanks for the review.
EWS
Comment 4 2021-10-06 10:31:52 PDT
Committed r283632 (242583@main): <https://commits.webkit.org/242583@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 440271 [details].